class OrdersController < ApplicationController
  before_filter :find_order,              :only =>  [:show,   :edit,  :update,    :checkout, :destroy]
  before_filter :find_list_items,         :only =>  [:index,  :edit,  :checkout,  :show]
  before_filter :require_login
  before_filter :require_authorized_user, :only =>  [:show,   :update]
  
  def index
    if params[:display] == "completed"
      if current_user.is_admin?
        @orders = Order.find(:all, :conditions => ["is_completed = ?", true])
      else
        @orders = Order.find(:all, :conditions => ["user_id = #{current_user.id} AND is_completed = ?", true])
      end
    elsif params[:process] == "shopping_cart"
      @orders = Order.find(:all, :conditions => ["user_id = #{current_user.id} AND is_completed = ?", false])
    else
      if current_user.is_admin?
        @orders = Order.find(:all, :conditions => ["is_completed = ?", false])
      else
        @orders = Order.find(:all, :conditions => ["user_id = #{current_user.id} AND is_completed = ?", false])
      end
    end
  end

  def show
    @orders = []
    @orders << @order
  end

  def new
    @order = Order.new
  end

  def create
    @order = Order.new(params[:order])
    params[:order][:order_items] ||= []
    params[:order][:order_options] ||= []
    @order.user = current_user
    @order.save!(params[:order])
    redirect_to orders_url
  rescue ActiveRecord::RecordInvalid
    flash[:error] = 'Errors were detected, see below.'
    redirect_to order_url(@order)
  end
  
  def edit
  end
  
  def update
    params[:order][:order_items] ||= []
    params[:order][:order_options] ||= []
    #params[:order][:order_items][:item_options_ids] ||= []
    @order.update_attributes!(params[:order])
    flash[:update] = 'Your shopping cart has been updated'
    (params[:commit] == "checkout") ? (redirect_to order_checkout_url(@order)) : (redirect_to order_url(@order))
  rescue ActiveRecord::RecordInvalid
    flash[:error] = 'Errors were detected, see below.'
    redirect_to order_url(@order)
  end

  def destroy
    @order.destroy
    flash[:update] = 'The order has been deleted.'
    redirect_to orders_url
  end

protected
  def find_list_items
    @item_options     = ItemOption.find(:all)
    @order_options    = OrderOption.find(:all)
    @photo_sizes      = PhotoSize.find(:all)
    @shipping_methods = ShippingMethod.find(:all)
    @price_lists      = PriceList.find(:all)
  end
  def require_authorized_user
    unless @order.user == (current_user) || current_user.is_admin?
      flash[:error] = "You are not authorized to modify or view this order"
      redirect_back_or_default('/')
    end
  end
  def require_login
    if !logged_in?
      flash[:error] = 'You must be logged in to do that'
      redirect_to login_url
    end
  end
  def require_admin
    if logged_in?
      if !current_user.is_admin?
        flash[:error] = "Must be an administrator to do that, sorry."
        redirect_back_or_default('/')
      end
    else
      flash[:error] = 'You must be logged in to do that'
      redirect_to login_url
    end
  end
  def find_order
    @order = Order.find(params[:id])
  end
end
